GSM Security Overview (Part 1)
Wireless telephone history

Yuri Sherman

Intro to GSM by Yuri Sherman


  1. GSM Security Overview (Part 1)
     Wireless telephone history
     Yuri Sherman
  2. It all started like this
     • First telephone (photophone) – Alexander Bell, 1880
     • The first car mounted radio telephone – 1921
  3. Going further
     • 1946 – First commercial mobile radio-telephone service by Bell and AT&T in Saint Louis, USA. Half duplex (PTT)
     • 1973 – First handheld cellular phone – Motorola. First cellular net: Bahrain, 1978
  4. But what’s cellular?
     [Diagram. Labels: MSC; BS; PSTN; HLR, VLR, AC, EIR]
  5. Cellular principles
     • Frequency reuse – same frequency in many cell sites
     • Cellular expansion – easy to add new cells
     • Handover – moving between cells
     • Roaming between networks
  6. Generation Gap
     • Generation #1 – Analog [routines for sending voice]
     • All systems are incompatible
     • No international roaming
     • Little capacity – cannot accommodate masses of subscribers
  7. Generation Gap (2)
     • Generation #2 – digital [voice encoding]
     • Increased capacity
     • More security
     • Compatibility
     • Can use TDMA or CDMA for increasing capacity
  8. TDMA
     • Time Division Multiple Access
     • Each channel is divided into timeslots, each conversation uses one timeslot.
     • Many conversations are multiplexed into a single channel.
     • Used in GSM
  9. CDMA
     • Code Division Multiple Access
     • All users share the same frequency all the time!
     • To pick out the signal of specific user, this signal is modulated with a unique code sequence.
  10. Back to Generations
      • Generation #2.5 – packet-switching
      • Connection to the internet is paid by packets and not by connection time.
      • Connection to internet is cheaper and faster [up to 56KBps]
      • The service name is GPRS – General Packet Radio Services
  11. The future is now
      • Generation #3
      • Permanent web connection at 2Mbps
      • Internet, phone and media: 3 in 1
      • The standard based on GSM is called UMTS. Not yet implemented.
      • The EDGE standard is the development of GSM towards 3G.
  12. GSM
      • More than 800 million end users in 190 countries and representing over 70% of today's digital wireless market (source: GSM Association)
      • Israel: Orange uses GSM; Pelephone and Cellcom are about to use GSM
  13. GSM Overview
  14. Into the architecture
      • Mobile phone is identified by SIM card.
      • Key feature of the GSM
      • Has the “secret” for authentication
  15. Into the architecture (2)
      • BTS – houses the radio transceivers of the cell and handles the radio-link protocols with the mobile
      • BSC – manages radio resources (channel setup, handover) for one or more BTSs
  16. Into the architecture (3)
      • MSC – Mobile Switching Center
      • The central component of the network
      • Like a telephony switch plus everything for a mobile subscriber: registration, authentication, handovers, call routing, connection to fixed networks.
      • Each switch handles dozens of cells
  17. Into the architecture (4)
      • HLR – database of all users + current location. One per network
      • VLR – database of users + roamers in some geographic area. Caches the HLR
      • EIR – database of valid equipment
      • AuC – database of users’ secret keys
  18. More GSM
      • GSM comes in three flavors (frequency bands): 900, 1800, 1900 MHz. 900 is the Orange flavour in Israel.
      • Voice is digitized using Full-Rate coding. 20 ms sample => 260 bits. 13 Kbps bitrate
  19. Sharing
      • GSM uses TDMA and FDMA to let everybody talk.
      • FDMA: 25MHz freq. is divided into 124 carrier frequencies. Each base station gets a few of those.
      • TDMA: Each carrier frequency is divided into bursts [0.577 ms]. 8 bursts are a frame.
  20. Channels
      • The physical channel in GSM is the timeslot.
      • The logical channel is the information which goes through the physical channel.
      • Both user data and signaling are logical channels.
  21. Channels (2)
      • User data is carried on the traffic channel (TCH), which is defined as 26 TDMA frames.
      • There are lots of control channels for signaling, base station to mobile, mobile to base station (“aloha” to request network access)
  22. SS7
      • Signaling protocol for networks
      • Packet-switching [like IP]
      • GSM uses SS7 for communication between HLR and VLR (allowing roaming) and other advanced capabilities.
      • GSM’s protocol which sits on top of SS7 is MAP – Mobile Application Part
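
The CDMA slide says that all users share one frequency and that a specific user's signal is picked out by its unique code sequence. The sketch below is an added example, not part of the original slides, showing that idea in a simplified, perfectly synchronized model. The choice of Walsh codes as the code family, the user names and the bit patterns are assumptions constructed for the illustration.

```python
# Added illustration: CDMA spreading and despreading with orthogonal codes.
# Walsh codes, user names and bit patterns are constructed for this example.

def walsh_codes(n):
    """Return n mutually orthogonal +/-1 codes of length n (n a power of two)."""
    codes = [[1]]
    while len(codes) < n:
        codes = [row + row for row in codes] + \
                [row + [-c for c in row] for row in codes]
    return codes

def spread(bits, code):
    """Map each bit to +/-1 and multiply it by every chip of the user's code."""
    chips = []
    for b in bits:
        symbol = 1 if b else -1
        chips.extend(symbol * c for c in code)
    return chips

def share_channel(signals):
    """All users transmit at once on one frequency: the air sums their chips."""
    return [sum(column) for column in zip(*signals)]

def despread(channel, code):
    """Correlate each code-length block with one code to recover that user's bits."""
    n = len(code)
    bits = []
    for i in range(0, len(channel), n):
        corr = sum(x * c for x, c in zip(channel[i:i + n], code))
        bits.append(1 if corr > 0 else 0)
    return bits

def demo():
    """Three constructed users talk simultaneously; each is recovered by code."""
    codes = walsh_codes(4)
    users = {"alice": [1, 0, 1, 1], "bob": [0, 0, 1, 0], "carol": [1, 1, 0, 0]}
    assigned = {name: codes[i + 1] for i, name in enumerate(users)}
    channel = share_channel(
        [spread(bits, assigned[name]) for name, bits in users.items()]
    )
    return {name: despread(channel, assigned[name]) for name in users}

if __name__ == "__main__":
    print(demo())
```

Because the codes are orthogonal, the other users' contributions cancel in the correlation, so each receiver sees only the bits spread with its own code.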
